Uses isSequence flag to block chained expressions
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f238cf4f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f238cf4f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f238cf4f Branch: refs/heads/master Commit: f238cf4f1091be19fbcfd086b042c86a1bcaa7fc Parents: 016b8ee Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Mon Apr 18 20:38:27 2016 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Wed May 4 09:20:04 2016 +0200 ---------------------------------------------------------------------- .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 6 +++--- .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/f238cf4f/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 679c804..562b6fc 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -287,7 +287,7 @@ public class OgnlUtil { compileAndExecute(name, context, new OgnlTask<Void>() { public Void execute(Object tree) throws OgnlException { if (isEvalExpression(tree, context)) { - throw new OgnlException("Eval expression cannot be used as parameter name"); + throw new OgnlException("Eval expression/chained expressions cannot be used as parameter name"); } Ognl.setValue(tree, context, root, value); return null; @@ -303,7 +303,7 @@ public class OgnlUtil { if (context!=null && context instanceof OgnlContext) { ognlContext = (OgnlContext) context; } - return node.isEvalChain(ognlContext); + return node.isEvalChain(ognlContext) || node.isSequence(ognlContext); } return false; } @@ -360,7 +360,7 @@ public class OgnlUtil { private void checkEnableEvalExpression(Object tree, Map<String, Object> context) throws OgnlException { if (!enableEvalExpression && isEvalExpression(tree, context)) { - throw new OgnlException("Eval expressions has been disabled!"); + throw new OgnlException("Eval expressions/chained expressions have been disabled!"); } } http://git-wip-us.apache.org/repos/asf/struts/blob/f238cf4f/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index 1ccdc4a..339d603 100644 --- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java @@ -744,6 +744,21 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Method \"getRuntime\" failed for object class java.lang.Runtime"); } + public void testBlockSequenceOfExpressions() throws Exception { + Foo foo = new Foo(); + + Exception expected = null; + try { + ognlUtil.setValue("#booScope=@myclass@DEFAULT_SCOPE,#bootScope.init()", ognlUtil.createDefaultContext(foo), foo, true); + fail(); + } catch (OgnlException e) { + expected = e; + } + assertNotNull(expected); + assertSame(OgnlException.class, expected.getClass()); + assertEquals(expected.getMessage(), "Eval expressions/chained expressions have been disabled!"); + } + public static class Email { String address;
